Lazarus Group Aims at LinkedIn Users in North Korea Cryptocurrency Hacking Operation
The Lazarus group, a hacking collective backed by the North Korean state, is allegedly focusing on LinkedIn users within the digital asset sector as part of its recent attempt to deploy crypto hacking malware, according to blockchain security firm SlowMist on April 24.
“The Lazarus Group is presently reaching out to targets in the cryptocurrency sector via LinkedIn and is stealing employee privileges or assets using malware,” SlowMist shared on its X account.
North Korean Crypto Hacking Group Targeting LinkedIn Users
The blockchain security firm claimed that members of the Lazarus Group were establishing counterfeit profiles on the networking platform, contacting human resources staff and hiring managers at various blockchain-related companies.
#Lazarus #APT The Lazarus group seems to be currently contacting targets through LinkedIn and stealing employee privileges or assets via malware.
— 23pds (@im23pds) April 24, 2024
Subsequently, the North Korean hackers provide a link containing code to showcase their programming skills. However, this code conceals harmful malware designed to compromise the victim’s personal information.
“Initial declarations and dependency loading scripts generate errors right from the start, likely to mislead analyzers or automated tools,” SlowMist noted. “Multiple Node.js modules are imported, and environment variables along with function definitions specify the operating system’s hostname, platform type, home directory, and temporary directories.”
A recurring function, aptly named “stealEverything,” then “tries to extract as much data as possible from the user’s device and upload it to a server managed by the attacker.”
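The traits SlowMist describes can be checked statically before a received "coding test" is ever run. The following is an added example, not code from SlowMist or from the original article; the `triage` function, its signal list and thresholds, and both sample strings are constructed assumptions.

```javascript
// Added example: static triage of a JavaScript file received as a "coding test".
// Signal names and thresholds are assumptions for illustration.

const HOST_CALLS = ['hostname', 'platform', 'homedir', 'tmpdir'];
const NET_MODULES = /require\(\s*['"](?:node:)?(?:https?|net|axios|request|node-fetch)['"]\s*\)/;
const GRAB_NAMES = /\b\w*(?:steal|exfil)\w*\b/gi;

function triage(source) {
  // Which of the host-profiling calls described in the report appear?
  const hostTraits = HOST_CALLS.filter((name) =>
    new RegExp(`\\b${name}\\s*\\(`).test(source));
  // Does the file load a module capable of outbound connections?
  const network = NET_MODULES.test(source);
  // Identifiers that openly name data theft, de-duplicated.
  const names = [...new Set(source.match(GRAB_NAMES) || [])];
  // Flag when broad host profiling coincides with outbound capability,
  // or when an identifier names data theft outright.
  const flagged = (hostTraits.length >= 3 && network) || names.length > 0;
  return { hostTraits, network, names, flagged };
}

// Constructed, inert sample text (never executed) with the traits described above.
const SUSPICIOUS_SAMPLE = `
const os = require('os');
const https = require('https');
const info = [os.hostname(), os.platform(), os.homedir(), os.tmpdir()];
async function stealEverything() { /* body omitted in constructed sample */ }
`;

// Constructed benign sample: one platform check, no network module.
const BENIGN_SAMPLE = `
const os = require('os');
if (os.platform() === 'win32') console.log('windows');
`;

console.log(triage(SUSPICIOUS_SAMPLE));
console.log(triage(BENIGN_SAMPLE));
```

A match only means the file needs manual review in an isolated environment before it is executed; a file with no match is not thereby shown to be safe.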
Lazarus Group’s Ties To North Korea’s WMD Program
A report from a U.N. panel of experts released last month indicated that approximately 40% of North Korea’s weapons of mass destruction (WMD) were financed through “illicit cyber means.”
The Lazarus Group has, to date, pilfered over $3 billion worth of digital assets worldwide.
A recent report from blockchain intelligence firm TRM Labs revealed that the authoritarian regime stole more than $600 million in 2023 alone.
Security officials from the U.S. and its allies are concerned that the nation’s state-sponsored malware operations could pose a risk to national security.
In December, U.S. National Security Advisor Jake Sullivan convened a meeting with diplomatic representatives from South Korea and Japan to discuss North Korea’s WMD program.
Last year, the U.S. imposed sanctions on the crypto mixer Sinbad, identified as a “key money-laundering tool” for the regime’s digital asset exploitation efforts.
“The Treasury Department and its U.S. government partners are prepared to utilize all available tools to prevent virtual currency mixers, like Sinbad, from facilitating illicit activities,” Deputy Secretary of the Treasury Wally Adeyemo stated following the enforcement action. “While we promote responsible innovation in the digital asset ecosystem, we will not hesitate to act against illicit actors.”
It remains uncertain whether the Lazarus Group will encounter any political consequences due to its latest crypto malware operation.
The post Lazarus Group Targeting LinkedIn Users As Part Of North Korea Crypto Hacking Scheme appeared first on Cryptonews.
